ip-intelligence

Pass

Audited by VirusTotal on May 13, 2026.

Overview

Type: OpenClaw Skill
Name: ip-intelligence
Version: 1.0.1

The skill provides IP intelligence querying and security report generation (daily/weekly/monthly) using a dedicated API (ai2api.top). The logic is transparently documented in SKILL.md, requiring a standard API key for authentication and providing structured templates for reporting threat data. No indicators of data exfiltration, malicious execution, or harmful prompt injection were found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

IP addresses or report queries may be sent to the listed intelligence provider.

Why it was flagged

The skill directs the agent to submit IP lookup requests to a documented external API. This is purpose-aligned, but queried IPs may leave the user's environment.

Skill content

Base URL: `https://ai2api.top/api/v1/security/ip-intelligence` ... Request body: { "ip": "1.13.246.134", "fields": ["all"] }

Recommendation

Use the skill only when you are comfortable sharing the queried IP data with that provider.

What this means

Anyone or any agent with access to this environment variable could use the configured IP-intelligence service under that key.

Why it was flagged

The skill requires an API key and passes it in an HTTP header. This is expected for the service, and the artifact explicitly warns not to hardcode the key.

Skill content

IP_INTELLIGENCE_API_KEY=<your-api-key> ... X-API-Key: ${IP_INTELLIGENCE_API_KEY}

Recommendation

Use a scoped key if available, store it only in the environment, and rotate it if exposed.

What this means

Installation or review screens may not clearly show that an API key is needed.

Why it was flagged

The registry metadata does not declare required environment variables, while SKILL.md declares IP_INTELLIGENCE_API_KEY. Because the credential use is documented and purpose-aligned, this is a metadata clarity note rather than a concern.

Skill content

Required env vars: none; Env var declarations: none

Recommendation

Confirm the required API key and provider before enabling the skill.

What this means

Generated security reports could influence operational decisions such as blocking IPs or prioritizing fixes.

Why it was flagged

The report templates include authoritative-looking data-source labels and recommendations. This fits the reporting purpose, but recipients may over-trust generated reports if the source and methodology are not verified.

Skill content

**Data source**: Fujian Government Cloud Threat Intelligence Platform | **Source references**: CNCERT | CNNVD | 安全内参

Recommendation

Verify the data source, date range, and high-impact recommendations before distributing or acting on generated reports.